ID:               45822
Updated by:       [email protected]
Reported By:      matt at neimeyer dot org
-Status:          Assigned
+Status:          Closed
Bug Type:         Date/time related
Operating System: *
PHP Version:      5.2CVS, 5.3CVS, 6CVS (2008-08-14)
Assigned To:      derick

New Comment:

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/.

Thank you for the report, and for helping us make PHP better.

Previous Comments:
------------------------------------------------------------------------

[2008-12-22 14:18:21] for-bugs at hnw dot jp

As well as other comments,

php -r 'strtotime("20080101000000 Sunday");'

never ends on PHP 5.2.8 and 5.3.0alpha3.

------------------------------------------------------------------------

[2008-08-20 19:24:53] krimpet at toolserver dot org

I can confirm this bug, and it's not limited to Windows platforms. 'php -r "strtotime('+1000000000000 days');"' crashes my Linux laptop, for example.

This bug is particularly dire where user input is fed directly to strtotime(), as it poses a DoS risk - for example, we use strtotime() in MediaWiki to format times specified by the user. (See <https://bugzilla.wikimedia.org/show_bug.cgi?id=14898>.)

------------------------------------------------------------------------

[2008-08-14 17:50:50] [email protected]

It hangs in this loop:

#1  0x00000000004a7f5b in do_normalize (time=0x7bf1ed0) at /home/jani/php-5.3CVS/ext/date/lib/tm2unixtime.c:166
166             do {} while (do_range_limit_days(&time->y, &time->m, &time->d));

------------------------------------------------------------------------

[2008-08-14 17:41:19] amelek32 at gmail dot com

<?
echo strtotime('-24 0720080000Thu');

This is enough to trigger this bug. It doesn't really crash, it rather goes into an endless loop.

Tested on Apache + PHP 5.2.6 on Windows XP x64

------------------------------------------------------------------------

[2008-08-14 16:04:22] matt at neimeyer dot org

Description:
------------
Using a stock installation of PHP 5.2.6 (or 5.2.5 or 5.2.3) as an ISAPI module on Windows 2003 Standard Edition x32 (fully updated using Windows Update), if you pass a "wacky" value to strtotime the w3wp.exe (IIS Worker Pool) spikes to 99% and crashes the web server.

We accidentally used date("-24 hours") instead of strtotime("-24 hours") and then passed that (via some intermediary function calls) to strtotime.

It does not crash on Win2003 SE x64 (or any other operating system that we run this application on).

I am aware of other w3wp.exe bugs being reported but those do not seem to match this specific cause. Similarly, strtotime bugs don't seem to match.

Reproduce code:
---------------
echo strtotime(date("-24 hours"));

Expected result:
----------------
Return false or -1 (with the caveat that I know it's "bad code" on my part)

Actual result:
--------------
w3wp.exe crashes as soon as the page starts to load. Watching in task manager on the web server, you can see w3wp.exe spike to 99% then stay there. If you kill the task the web server behaves oddly, generating "Service Unavailable" results to the end browser until the "World Wide Web Publishing Service" is restarted.

------------------------------------------------------------------------

-- 
Edit this bug report at http://bugs.php.net/?id=45822&edit=1
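
For code that has to pass user-supplied strings to strtotime() on an unpatched PHP, the guard below rejects the inputs quoted in this thread before the parser sees them. It is an added example, not code from the thread or from PHP; guarded_strtotime() and both limits are assumptions.

```php
<?php
// Added example: guarded_strtotime() and its limits are hypothetical,
// not part of PHP, MediaWiki, or the fix committed for this bug.

const MAX_INPUT_LEN = 64; // assumed cap on the length of a date string
const MAX_DIGIT_RUN = 4;  // assumed cap: nothing longer than a 4-digit year

/**
 * Returns a Unix timestamp (int) or false. Input that fails the checks
 * is rejected without ever being handed to strtotime().
 */
function guarded_strtotime($input)
{
    if (!is_string($input)) {
        return false;
    }
    $s = trim($input);
    if ($s === '' || strlen($s) > MAX_INPUT_LEN) {
        return false;
    }
    // Printable ASCII only: no control bytes, no multi-byte surprises.
    if (preg_match('/[^\x20-\x7E]/', $s)) {
        return false;
    }
    // Every reproducer in the thread carries a long run of digits.
    // Trade-off: this also rejects compact forms such as "20080814"
    // and "@1218729862"; raise MAX_DIGIT_RUN only on a patched PHP.
    if (preg_match('/\d{' . (MAX_DIGIT_RUN + 1) . ',}/', $s)) {
        return false;
    }
    return strtotime($s);
}

// Reproducers quoted in the thread, then two ordinary inputs.
$samples = array(
    '+1000000000000 days',
    '20080101000000 Sunday',
    '-24 0720080000Thu',
    '-24 hours',
    '2008-08-14 16:04:22',
);
foreach ($samples as $sample) {
    $ts = guarded_strtotime($sample);
    printf("%-24s => %s\n", $sample, $ts === false ? 'rejected' : (string) $ts);
}
```

The digit-run check is a heuristic drawn only from the three reproducers in this thread; it does not replace upgrading to a build that contains the fix.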
